This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (Currently Amended) A computer-implemented method for controlling access to
documents during a workflow, comprising: 

upon entry of a base document into a workflow, creating a workflow working copy of 
the base document; 

receiving a request to access the base document by a user; 

determining using the identity of the user if the user should be provided access to the
workflow working copy of the base document;

selectively providing the user access to the base document if it is not determined that
the user should be provided access to the workflow working copy of the base document
depending upon the identity of a user;

selectively providing the user access to the workflow working copy of the base
document if it is determined that the user should be provided access to the workflow working
copy of the base document depending upon the identity of a user; and

if the user is provided access to the workflow working copy of the base document, 
selectively providing access to perform operations on the workflow working copy of the base 
document depending upon the identity of the user. 

2. (Previously Amended) The method of claim 1, further comprising: 

storing access control list data in relation to the base document, the access control list 
data defining access controls on performing operations of the workflow working copy of the 
base document; and 

storing security descriptor data in relation to the base document and the workflow 
working copy of the base document, the security descriptor data defining access controls on 
reading the base document and the workflow working copy of the base document. 

3. (Previously Amended) The method of claim 2, wherein selectively providing 
access to perform operations on the workflow working copy of the base document depending 
upon the identity of a user, comprises:

determining using the access control list data stored in relation to the base document
that a user has permission to perform an operation on the workflow working copy of the base 
document; and 

allowing the user to perform the operation on the workflow working copy of the base 
document. 



4. (Previously Amended) The method of claim 2, wherein the step of selectively 
providing access to perform operations on the workflow working copy of the base document 
depending upon the identity of a user, comprises: 

determining using the access control list data stored in relation to the base document 
that a user does not have permission to perform an operation on the workflow working copy 
of the base document; and 

denying the user access to perform the operation on the workflow working copy of the 
base document. 

5. (Previously Amended) The method of claim 2, wherein the access control list data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises: 

referencing the information identifying for each of a plurality of operations, 
the set of users that have permission to perform the operation; and 

if the user is in the set of users that have permission to perform the operation, 
providing access to the operation. 

6. (Previously Amended) The method of claim 2, wherein the access control list data 
comprises information identifying for each of a plurality of operations, the set of users that 
have permission to perform the operation, and said act of selectively providing access to 
perform operations on the workflow working copy of the base document depending upon the 
identity of a user, comprises:

referencing the information identifying for each of a plurality of operations,
the set of users that have permission to perform the operation; and 

if the user is not in the set of users that have permission to perform the 
operation, denying access to the operation. 

7. (Previously Presented) The method of claim 5, wherein the set of users are defined 
in terms of the roles that have permission to perform the operation, and said act of 
referencing the information identifying for each of a plurality of operations, the set of users 
that have permission to perform the operation, comprises: 

resolving for the user the set of roles to which the user has been assigned; and

determining using the set of roles to which the user has been assigned and the
set of users defined in terms of the roles that have permission to perform the operation,
whether the user has permission to perform the requested operation.

8. (Currently Amended) The method of claim 2, wherein selectively providing a user
access to the workflow working copy of the base document depending upon the identity of a
user determining using the identity of the user if the user should be provided access to the
workflow working copy of the base document, comprises:

determining using the security descriptor data stored in relation to the base document
and the workflow working copy document, that if a the user has permission to read the
workflow working copy of the base document; and

providing the user access to the workflow working copy of the base document.

9. (Cancelled) 

10. (Currently Amended) The method of claim 2, wherein the security descriptor data 
comprises information identifying the set of users that have permission to read each of the 
base document and the workflow working copy of the base document, and said act of 
selectively providing access to the workflow working copy of the base document depending
on the identity of the user determining using the identity of the user if the user should be
provided access to the workflow working copy of the base document, comprises:

referencing the information identifying the set of users that have permission to
read each of the base document and the workflow working copy of the base document; and

determining if the user is in the set of users that have permission to read the
workflow working copy of the base document. , providing access to the workflow working
copy of the base document.

11. (Currently Amended) The method of claim 10, wherein the set of users are
defined in terms of the roles that have permission to read each of the base document and the
workflow working copy of the base document, and said act of referencing the information
identifying the set of users that have permission to read each of the base document and the
workflow working copy of the base document, comprises:

resolving for the user the set of roles to which the user has been assigned; and

determining using the set of roles to which the user has been assigned and the
set of roles that have permission to read each of the base document and the workflow
working copy of the base document, whether the user has permission to read the base
document or the workflow working copy of the base document.

12. (Original) A computer-readable media having stored thereon computer-executable
instructions for performing the steps recited in claim 1.

13. (Currently Amended) A system for providing document isolation in a workflow 
environment, comprising: 

a processor, wherein said processor is operable to execute instructions for performing
the following acts:

maintaining for a base document undergoing a publishing workflow, a 
workflow copy of the base document; 

maintaining access control data in relation to the base document and the 
workflow copy of the base document, 

upon receipt of a request to access the base document, selectively determining
based on the access control data to provide if access should be provided to the workflow copy
of the base document; and

providing access to the workflow copy of the base document if it determined
that access should be provided to the workflow copy of the base document; and

upon receipt of a request to access the base document, selectively determining based
on the access control data to provide access to the workflow copy of the base document.

not be provided to the workflow copy of the base document.

14. (Previously Amended) The system of claim 13, wherein the access control data 
comprises security descriptor data identifying the set of users that have permission to read the 
base document and the workflow copy of the base document, the set of users comprising 
reviewers and approvers 

15. (Currently Amended) The system of claim 14, wherein said processor is operable 
to execute instructions for performing the following acts: 

referencing the security descriptor data; and 

determining that a user should be provided access directed to the workflow
copy of the base document based on the security descriptor data. 

16. (Previously Amended) The system of claim 15, wherein the security descriptor 
data identifies a set of roles corresponding to the set of users that have permission to read the 
base document and the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

17. (Previously Amended) The system of claim 13, wherein the access control data 
comprises access control list data identifying the set of users that have permission to perform 
operations on the workflow copy of the base document. 

18. (Previously Amended) The system of claim 17, wherein said processor is operable
to execute instructions for performing the following acts:

referencing the access control list data; and

determining that a user should be allowed to perform an operation on the
workflow copy of the base document based on the access control list data. 

19. (Previously Amended) The system of claim 18, wherein the access control list 
data identifies a set of roles corresponding to the set of users that have permission to perform 
operations on the workflow copy of the base document, and wherein said processor is 
operable to execute instructions for performing the act of determining the set of roles that a 
user has been assigned. 

20. (Cancelled) A method for controlling access to operations that may be performed 
on a document, comprising: 

upon creation of a workflow, creating a workflow copy of a base document; 
receiving a request to create a new operation that may be performed on the 
workflow copy of the base document; 

assigning a unique identifier to the new operation; 

updating an access control list to include an entry for the unique identifier for 
the new operation; and 

updating the access control list to include an entry identifying the roles that 
have access to the new operation. 

21. (Cancelled) The method of claim 20, further comprising updating the access 
control list to change roles that have access to the new operation in response to a change from 
a first state to a second state by the workflow copy of the document in the workflow. 

22. (Cancelled) The method of claim 20, wherein the workflow is a publishing 
workflow and the new operation is at least one of the following: review and approve. 

23. (Cancelled) The method of claim 20, further comprising: 

receiving a request to perform the new operation on the workflow copy of the base 
document; 

determining using the access control list whether to allow access to the new operation.

24. (Cancelled) The method of claim 23, wherein determining using the access control
list whether to allow access to the new operation comprises comparing a user's roles with the 
roles identified in the access control list as having access to the new operation. 

25. (Withdrawn) A computer-implemented method of controlling access to 
documents, comprising: 

maintaining a first list defining who may access a base document; 

maintaining a second list defining who may perform operations on the base document; 

upon receipt of a request from a user to create a workflow, accessing the first list and 
the second list to determine whether the user may create a workflow relating to the base 
document; 

if the first list and the second list indicate the user may create a workflow relating to 
the base document, creating a copy of the base document; and 

while the copy of the base document is in the workflow, in response to requests to 
access the base document, accessing at least the first list to determine whether to provide 
access to the copy of the base document. 

26. (Withdrawn) The method of claim 25, wherein maintaining a first list defining 
who may access a base document comprises maintaining a list of security descriptors. 

27. (Withdrawn) The method of claim 25, wherein maintaining a second list defining 
who may perform operations on the base document comprises maintaining an access control 
list. 

28. (Withdrawn) The method of claim 25, further comprising updating the second list 
upon creation of the copy of the base document to identify who may perform operations on 
the copy of the base document.

29. (Withdrawn) The method of claim 25, wherein maintaining a first list defining
who may access a base document comprises maintaining a first list defining roles that may 
access a base document. 

30. (Withdrawn) The method of claim 25, further comprising maintaining a third list 
defining who may access the copy of the base document. 

31. (Previously Presented) The method of claim 1, further comprising replacing the 
base document with the working workflow document upon exit of the base document from 
the workflow. 

32. (Previously Presented) The system of claim 13, further comprising upon exit of 
the base document from the workflow replacing the base document with the workflow copy 
of the base document.